povertystealer | 1f4c7a9b466d8948c8b7331d7be380640afb67f2893789294c9fdd4f07b465df | Triage

Submit
Reports

Overview

overview

Static

static

3

C4PROSetup.exe

windows10-1703-x64

Sharing

General

Target

C4PROSetup.exe
Size

310KB
Sample

230920-mc95xaff21
MD5

8aedbe2e0aa36d89f5e6ca350297c608
SHA1

6ce038ac4bed79594807f9a20d13f99653db921d
SHA256

1f4c7a9b466d8948c8b7331d7be380640afb67f2893789294c9fdd4f07b465df
SHA512

b6478c929b41a22bad5188bd343300dc798ceb131fc4d86f10c2ee57269973fe4fad1fea4a7bf512047d50fada54c341f07fd96b1a67e67cd4a703678a5dbea0
SSDEEP

6144:CdMLKclkxl14NRjDS35D3MUVJEMvfjeS8X9X20:lGciJ0RC393LVJbvLkk0

Score

10^/10

povertystealer evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

C4PROSetup.exe

Resource

win10-20230915-en

povertystealer evasion spyware stealer

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  C4PROSetup.exe
- Size
  
  310KB
- MD5
  
  8aedbe2e0aa36d89f5e6ca350297c608
- SHA1
  
  6ce038ac4bed79594807f9a20d13f99653db921d
- SHA256
  
  1f4c7a9b466d8948c8b7331d7be380640afb67f2893789294c9fdd4f07b465df
- SHA512
  
  b6478c929b41a22bad5188bd343300dc798ceb131fc4d86f10c2ee57269973fe4fad1fea4a7bf512047d50fada54c341f07fd96b1a67e67cd4a703678a5dbea0
- SSDEEP
  
  6144:CdMLKclkxl14NRjDS35D3MUVJEMvfjeS8X9X20:lGciJ0RC393LVJbvLkk0
Score

10^/10

povertystealer evasion spyware stealer
- Detect Poverty Stealer Payload
- Poverty Stealer
  Poverty Stealer is a crypto and infostealer written in C++.
  stealer povertystealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

povertystealerevasionspywarestealer

© 2018-2025

Terms | Privacy